Google has come out with an online tutorial that gives security enthusiasts an opportunity to play the role of an intruder by exploiting real security vulnerabilities in a mock web application.

Google's "Web Application Exploits and Defenses" codelab can be used in a black-box setting, in which hackers aren't privy to the source code of the application they're attacking, or a white-box setting, in which they are. Jarlsberg is written in Python, although hackers, of course, need not be versed in the language in order to make mincemeat of the application.

The tutorial is designed to give developers - and anyone else - hands-on experience finding and fixing security bugs in the typical web application. It's broken up into various classes of vulnerabilities such as XSS, or cross-site scripting; CSRF, or cross-site request forgeries; and path traversal. Students are taught not only how to identify specific types of vulnerabilities but how to exploit them to carry out certain types of attacks.

Not judging, but a little bit of a hacker's mindset of being curious and a desire to figure things out would have led to not only an easy solution, but then you could have been the one to provide the answer before people even knew the question. ;-)

Don

Last edited by don on Sat Sep 25, 2010 3:54 pm, edited 1 time in total.